Cisco SD-WAN Getting Started Guide

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco SD-WAN Getting Started Guide

Chapter Title

Manage Licenses for Smart Licensing Using Policy

Results

Updated:
June 1, 2023

Chapter: Manage Licenses for Smart Licensing Using Policy

Manage Licenses for Smart Licensing Using Policy

Table 1. Feature History

Feature Name

Release Information

Description

License Management for Smart Licensing Using Policy, Using Cisco vManage

Cisco IOS XE Release 17.5.1a

Cisco vManage Release 20.5.1

Cisco SD-WAN operates together with Cisco Smart Software Manager (Cisco SSM) to provide license management through Cisco vManage. Cisco vManage shows available DNA licenses, assigns licenses to devices, and reports license consumption to Cisco SSM.

Support for License Management Offline Mode and Compliance Alarms

Cisco IOS XE Release 17.6.1a

Cisco vManage Release 20.6.1

With this feature, you can manage Cisco SD-WAN licenses through a Cisco vManage instance that is not connected to the internet. To synchronize license and compliance information between Cisco vManage and Cisco SSM, you must periodically download synchronization files from Cisco vManage and upload the files to Cisco SSM.

This feature also introduces compliance alarms that alert you if devices in the Cisco SD-WAN network are not yet licensed.

Support for Postpaid MSLA License Billing Models

Cisco IOS XE Release 17.8.1a

Cisco vManage Release 20.8.1

For postpaid Managed Services License Agreement (MSLA) program licenses, Cisco SD-WAN supports two distinct billing models for licenses—committed (MSLA-C) and uncommitted (MSLA-U). The procedure for assigning a postpaid license enables you to choose one of these two MSLA license types.

Support for License Management Using a Proxy Server

Cisco IOS XE Release 17.9.1a

Cisco vManage Release 20.9.1

If you configure Cisco vManage to use a proxy server for internet access, Cisco vManage uses the proxy server to connect to Cisco SSM or an on-prem SSM.

Support for Managing Licenses Using Cisco Smart Software Manager On-Prem

Cisco IOS XE Release 17.9.1a

Cisco vManage Release 20.9.1

Cisco vManage supports management of device licenses, using a Cisco SSM on-prem license server. This is useful for organizations that use Cisco SSM on-prem to accommodate a strict security policy that does not permit devices to communicate with Cisco SSM over a direct internet connection.

Information About Managing Licenses for Smart Licensing Using Policy

Cisco Smart Software Manager (SSM) manages Smart Licensing Using Policy (SLP) purchases, tracking availability and consumption of licenses. A Smart Account (SA) contains the licenses purchased by an organization. Virtual Accounts (VA) are subaccounts within the Smart Account that further organize the licenses, such as by department, product, geography, and so on. For more information to activate and manage Cisco licenses, see Smart Software Manager.

Cisco SD-WAN operates together with Cisco SSM to provide license management through Cisco vManage for devices operating with Cisco SD-WAN. Cisco vManage can show available DNA licenses, assign licenses to devices, monitor license usage, and report license consumption to CSSM. When you set up Cisco vManage to manage licenses, Cisco vManage operates between Cisco SSM and the devices in the network, as shown in the following illustration.

Figure 1. Cisco SSM Providing License Management Through Cisco vManage for SD-WAN Devices
Cisco SSM to provide license management through Cisco vManage for devices operating with Cisco SD-WAN.

Supported Licenses

Cisco vManage supports a subset of the license entitlements by default. The license entitlement types include the following:

  • Pre-paid

    • A la carte: These entitlements are delievered based on orders in Cisco Commerce Workspace (CCW).

    • Enterprise agreement (EA): These entitlements are delivered by reporting on the EA workspace.

  • Post-paid

    • MSLA-U: These entitlements are delievered based on orders in CCW.

    • MSLA-C: These entitlements are delievered based on orders in CCW.

For information about Smart Licensing Using Policy, see Smart Licensing Using Policy for Cisco Enterprise Routing Platforms.

For information about Managed Service License Agreements, see MSLA on Cisco Sales Connect.

Supported Entitlements

A license may include more than one entitlement. Each entitlement included with a license provides a specific functionality, such as routing features or a specific traffic throughput. The applicability of these entitlements on a particular device depends on the Cisco IOS XE software release operating on the device, and on the operation mode of the device, which can be autonomous or controller mode.

Your organization's Smart Account shows the entitlements included in each associated license.

Cisco vManage manages the following types of entitlements.

  • DNA entitlements (for example, DNA Routing Advantage Tier 1)

  • High Security (HSEC)

Other entitlements may appear in the Smart Account, but are not managed by Cisco vManage. Examples may include network stack entitlements, IP Base, App, Sec, Perf, Boost, DNA Essentials for SDWAN, and DNA Advantage for SDWAN.


Note

DNA Essentials for SDWAN (SDWAN-DNA-E) and DNA Advantage for SDWAN (SDWAN-DNA-A) are considered obsolete entitlement types and are not managed by Cisco vManage.

Supported Devices

License management using Cisco vManage supports Cisco IOS XE SD-WAN devices and Cisco vEdge devices.

License Server Options

Cisco vManage can receive license information and transmit reports on licensing usage in multiple ways, including the following:

  • Direct internet connection to Cisco SSM (online mode)

  • Manual management of licensing data (offline mode)

  • Cisco SSM on-prem server (on-prem mode, available from Cisco vManage Release 20.9.1)

For each of these modes, you can assign licenses to device in Cisco vManage in the same way.

Multitenancy

Cisco SD-WAN infrastructure can support multiple organizations, which share the resources of Cisco SD-WAN controllers, while operating independently of one another. This arrangement is called multitenancy. It enables a service provider to support multiple customers using the same Cisco SD-WAN controllers, and enables the service provider to manage the tenants using Cisco vManage. Cisco SD-WAN isolates each tenant’s data to ensure that each tenant has access only to the resources relevant to their organization. The service provider can use Cisco vManage to view all resources, and each tenant can separately log in to Cisco vManage to view their own resources. For more information about multitenancy, see Cisco SD-WAN Multitenancy in the Cisco SD-WAN Systems and Interfaces Configuration Guide, Cisco IOS XE Release 17.x.

When using Cisco SD-WAN with multitenancy, the service provider chooses the mode of synchronizing license information with a Cisco license server: online mode, offline mode, or on-prem mode. When you choose on-prem mode, the Cisco SSM on-prem license server stores the license information for the licenses that Cisco vManage manages. This includes the licenses that each tenant has chosen to manage. When a tenant configures a Cisco Smart Account and chooses licenses to manage in Cisco vManage, Cisco vManage sends a request to the Cisco SSM on-prem license server to retrieve the relevant license information from Cisco SSM. Cisco vManage receives the license information from the Cisco SSM on-prem license server and makes the licenses available for the tenant to use.

Information About Offline Mode

Normally, Cisco vManage communicates directly with the Cisco Smart Software Manager (SSM) through the internet for the following:

  • Receiving information about available licenses from Cisco SSM

  • Reporting license assignment to Cisco SSM

Offline mode provides the ability to keep Cisco vManage license management in synchronization with the Cisco SSM server when the Cisco vManage server is not connected to the internet. This is accomplished through the following steps:

  1. In Cisco SSM, generate a license summary file containing the details of all available license entitlements.

  2. Upload the license summary file into Cisco vManage.


    Note

    Even before uploading a license summary file into Cisco vManage, you can use Cisco vManage to assign default entitlements to devices in the network. These assignments are reconciled with the available entitlements after the license summary file is uploaded to Cisco vManage.

  3. In Cisco vManage, periodically generate a license report to upload to Cisco SSM, indicating license assignment.

  4. Receive an acknowledgement file from Cisco SSM after uploading the license report.

  5. Upload the acknowledgement file into Cisco vManage.

Figure 2. Upload and Receive Acknowledgement Files From Cisco vManage and Cisco SSM
Upload and Receive acknowledgement files from Cisco vManage and Cisco SSM.

By default, Cisco vManage requires this synchronization within an interval of 90 days. If you do not complete this synchronization within that period, an alert appears in the License Management dashboard. Some licenses might require synchronization more frequently:

  • Prepaid licenses: A report is required every three months.

  • Postpaid licenses: A report is required each month.

Failover

In a high availability scenario with more than one Cisco vManage instance, the Cisco vManage instances keep their license information synchronized. If one of the instances fails, the redundant Cisco vManage instance continues to perform license management operations using the previously synchronized license information.

Assigning Licenses to Devices Before Providing Smart Account Details to Cisco vManage

The recommended workflow for using offline mode is the following:

  1. Enable offline mode in Cisco vManage.

    See Enable Offline Mode.

  2. Provide your Smart Account details to Cisco vManage.

    See Generate a Cisco SSM License Summary File and Upload It into Cisco vManage.

  3. In Cisco vManage, assign licenses to devices.

  4. Periodically, generate a usage report file in Cisco vManage to upload to Cisco SSM. This report provides information about the licenses that you have assigned in Cisco vManage.

    See Generate a Usage Report File in Cisco vManage and Synchronize with Cisco SSM.

In some scenarios, such as during a trial period, you can delay the step of providing Smart Account details to Cisco vManage, and begin assigning licenses to devices. When you generate the usage report file for the first time and upload it to Cisco SSM, Cisco SSM prompts you to select the relevant virtual account.

Information About License Management Using a Proxy Server

Minimum releases: Cisco IOS XE Release 17.9.1a, Cisco vManage Release 20.9.1

If you configure Cisco vManage to use a proxy server for internet access, Cisco vManage uses the proxy server to connect to Cisco SSM or an on-prem SSM.

Figure 3. Proxy Server Providing Connectivity to Cisco SSM or On-Prem SSM
Proxy Server Providing Connectivity to Cisco SSM or On-Prem SSM.

For information about using a proxy server, see Configure HTTP/HTTPS Proxy Server in the Cisco SD-WAN Systems and Interfaces Configuration Guide, Cisco IOS XE Release 17.x.

Benefits of License Management Using a Proxy Server

For scenarios in which Cisco vManage is not connected directly to the internet, using a proxy server can provide access to internet-based services, such as Cisco SSM, or to a local on-prem SSM.

Information About Managing Licenses Using Cisco Smart Software Manager On-Prem

Minimum release: Cisco vManage Release 20.9.1

Cisco Smart Software Manager on-prem (SSM on-prem) is a Cisco Smart Licensing solution that enables you to administer licenses from a server on your premises, instead of having to connect directly to Cisco SSM. The solution involves setting up a Cisco SSM on-prem license server, which synchronizes its license database with Cisco SSM periodically and functions similarly to Cisco SSM, while operating locally.

Cisco vManage supports management of licenses using a Cisco SSM on-prem server, using a mode called on-prem. On-prem mode is useful for organizations that use Cisco SSM on-prem to accommodate a strict security policy that does not permit network devices to communicate with Cisco SSM by direct internet connection.

Figure 4. Cisco vManage Using a Cisco SSM On-Prem License Server

When operating in on-prem mode, Cisco vManage synchronizes license information with the Cisco SSM on-prem license server every 24 hours. During this synchronization, Cisco vManage receives any updates to available licenses and it sends license usage reports to the Cisco SSM on-prem license server. You can synchronize licenses at any time—see Synchronize Licenses.

For information about configuring the frequency of synchronization between the Cisco SSM on-prem license server and Cisco SSM, see the documentation for Cisco SSM on-prem. The Cisco Smart Software Manager On-Prem Data Sheet provides a link to the Cisco SSM on-prem software on the Cisco Software Download site. The product documentation is available through the Cisco Software Download site.

Benefits of Using Cisco Smart Software Manager On-Prem

Organizations whose security policies, or other circumstances, require that Cisco vManage not be connected to the internet have the following options for managing licenses for Smart License Using Policy:

  • Use offline mode, which requires transferring files manually between Cisco vManage and Cisco SSM.

  • Use a Cisco SSM on-prem server that is accessible through a local area connection to Cisco vManage.

Both of these methods address the need to transfer license information between Cisco SSM and Cisco vManage. Wherever it is possible to use the on-prem mode, this mode provides the significant benefit of reducing the maintenance overhead of transferring files manually between Cisco vManage and Cisco SSM, as is necessary for offline mode.

Prerequisites for Managing Smart License Using Policy

In a multitenant scenario, to configure a Cisco Smart Account to use with Cisco vManage, choose licenses to manage and synchronize license information, the tenant administrator requires the following permissions:

  • Write permission for the License Management option

  • Read permission for the Settings option

For information about configuring user permissions, see Role-Based Access Control in the Cisco SD-WAN Systems and Interfaces Configuration Guide, Cisco IOS XE Release 17.x.

Prerequisites for License Management Using a Proxy Server

Minimum release: Cisco vManage Release 20.9.1

  • Global proxy server configured and operational. The proxy server handles network or internet access requirements for multiple Cisco vManage services.

    To enable a global proxy server for Cisco vManage, from the Cisco vManage menu, choose Administration > Settings, and use the HTTP/HTTPS Proxy Server option.

  • Proxy server access to Cisco SSM or an on-prem SSM.

Prerequisites for Using Cisco SSM On-Prem

Minimum release: Cisco vManage Release 20.9.1

  • Cisco vManage must be hosted on-prem to enable local connectivity to the Cisco SSM on-prem license server. Cisco vManage cannot be hosted on a cloud server.

  • The minimum supported release of the Cisco SSM on-prem license server is SSM_On-Prem_8-202206.

  • Ensure that there is connectivity between the Cisco vManage host and the Cisco SSM on-prem license server.

  • The Cisco SSM on-prem license server must be operational.

Restrictions for Managing Licenses for Smart Licensing Using Policy

  • We recommend assigning a license to every device in the network.


    Note

    If a device appears in the device list but is not currently intended for use, it is not necessary to assign a license.

  • Ensure that the licenses in Cisco SSM that you are managing with Cisco vManage are organized into virtual accounts (VA).

  • When assigning licenses to devices, have Cisco SSM available to view license details that do not appear in Cisco vManage.

  • License management by Cisco vManage does not support isolated networks.

  • Automated reporting and billing is not supported for MSLA-C licenses.

  • Some devices (including Cisco ISR 1000 Series, Cisco ISR 4000 Series, Cisco Catalyst 8000 Series, and Cisco Catalyst 8000V) require an additional type of license called a High Security (HSEC) license to enable throughput above 250 Mbps. The HSEC license is in addition to the typical type of device license, such as DNA Advantage. When applying a device license for a throughput above 250 Mbps to one of these devices, ensure that the device has an HSEC license installed. Otherwise the throughput is limited to 250 Mbps even for a device license with a higher entitlement.


    Note

    From Cisco vManage Release 20.9.1, Cisco vManage supports installing HSEC licenses, and we recommend using Cisco vManage to install these licenses. (See Manage HSEC Licenses.) If you are using an earlier release of Cisco vManage, and if you are installing an HSEC license on a device manually, the following scenario may occur. If (a) the device transport mode is CSLU mode instead of Smart mode, and (b) the device is connected directly to Cisco SSM, the HSEC license installation may fail. As a workaround, push the device template to the device again, which can restore the device transport mode to Smart mode, enabling installation of the HSEC license.

  • Assigning a DNA Premier entitlement to a device does not automatically enable Cisco Umbrella Secure Internet Gateway (SIG).

  • Starting from Cisco IOS XE Release 17.9.1a and Cisco SD-WAN Release 20.9.1, while pushing an umbrella certificate from Cisco vManage, you need to provide Cisco vEdge certificate first, followed by IOS XE certificate, without any space. If we have an IOS XE certificate first, followed by Cisco vEdge certificate, umbrella registration fails on Cisco vEdge devices.

Restrictions for Offline Mode

In a multitenancy scenario, all tenants must operate in online mode or all tenants must operate in offline mode. There cannot be a mix of modes.

Restrictions for Using Cisco SSM On-Prem

Minimum release: Cisco vManage Release 20.9.1

The mode of connecting Cisco vManage to a license server (online, offline, on-prem) is an integral part of the Cisco SD-WAN infrastructure. When using Cisco SD-WAN multitenancy, only the service provider configures connectivity to a Cisco SSM on-prem license server. Individual tenants cannot configure separate license servers.

Use Cases for Smart License Using Policy

The following are use cases for managing Cisco Smart License Using Policy.

Use Cases for Offline Mode

In scenarios where the Cisco vManage does not have internet access, such as for security reasons, you can use offline mode to keep Cisco vManage and Cisco SSM in periodic synchronization.

Use Cases for Using Cisco SSM On-Prem

Minimum release: Cisco vManage Release 20.9.1

An organization’s security policy does not permit the devices hosting Cisco SD-WAN controllers to have direct connections to the internet. To enable management of device licenses using Cisco vManage, the organization sets up a Cisco SSM on-prem license server, accessible within the organization's LAN.

The license server has internet access and synchronizes license information with Cisco SSM. Cisco vManage connects to the license server over the organization's LAN and exchanges license information locally, without requiring direct internet access.

Configure Management of Smart License Using Policy

The following information describes configuration procedures for managing Cisco Smart License Using Policy.

License Management Workflow in Cisco vManage

The following steps show the workflow for managing licenses using Cisco vManage.

  1. Verify Cisco vManage connectivity to the Cisco SSM server.

    This step is only required when setting up license management.

    See Verify Cisco vManage Connectivity to the Cisco SSM Server.

  2. Prepare the licenses.

    Purchase licenses and ensure that they are in the correct Smart Account for your organization. In Cisco SSM, make note of how the licenses are organized in the Virtual Accounts within the Smart Account. This information is required in a later step of the workflow.

  3. In Cisco vManage, provide your account credentials.


    Note

    This step describes the most common case, which is managing licenses in Online mode. For other modes, the details of this step differ.

    After you provide credentials, Cisco vManage connects to the Smart Account and receives the information about available licenses in the account. After you begin using Cisco vManage for license management, Cisco vManage reports license assignments back to Cisco SSM to keep license details synchronized between Cisco vManage and Cisco SSM.

    See Enter Smart Account Credentials in Cisco vManage.

  4. In Cisco vManage, select the Virtual Accounts to use, within the Smart Account.

    Cisco vManage downloads the details of available licenses in the selected Virtual Accounts. There are options to manage only prepaid licenses, only postpaid licenses, or both, in the selected Virtual Accounts.


    Note

    Configuring Cisco vManage to manage compatible licenses requires confirmation before proceeding.

    See Synchronize Licenses.

  5. In Cisco vManage, assign licenses to devices.

    Assign licenses using existing license templates or create a new license template.

    See Assign a License to a Device.

  6. In Cisco vManage, monitor license usage.

    See Monitor License Usage.

Configure the License Reporting Mode

Before You Begin

When using Cisco SD-WAN multitenancy, only the service provider configures the Cisco SSM license server details, using the license server credentials.

Configure the License Reporting Mode

  1. For Cisco vManage Release 20.9.1 and later, from the Cisco vManage menu, choose Administration > Settings.


    Note

    In Cisco vManage Release 20.8.x and earlier, to configure the license reporting mode, from the Cisco vManage menu, choose Administration > License Management. Click Sync Licenses & Refresh Devices and choose a license reporting mode. Then continue with the procedure for synchronizing licenses, Synchronize Licenses.

  2. In the License Reporting section, click Edit and choose one of the following:


    Note

    Changing the mode causes Cisco vManage to permanently clear any license information that it is currently storing.

    • Online

    • Offline

    • On-prem

      Enter the following information for the Cisco SSM on-prem server:

      Field

      Description

      SSM Server

      IP address of the Cisco SSM on-prem license server.

      SSM Credentials

      Client ID and Client Secret

      Client ID and client secret credentials for the Cisco SSM on-prem license server. This information is available from the administrator who manages the license server.

  3. Click Save.

Verify Cisco vManage Connectivity to the Cisco SSM Server

Before You Begin

  • Ensure that Cisco vManage has connectivity to the internet through VPN 0.

  • In a multitenant scenario, only the provider has access to Cisco vManage. In this scenario, the provider performs this procedure.

Verify Cisco vManage Connectivity to the Cisco SSM Server

  1. From the Cisco vManage menu, choose Monitor > Overview.

    Cisco vManage Release 20.6.x and earlier: From the Cisco vManage menu, choose Dashboard > Main Dashboard.

  2. In the Summary area, click vManage. A dialog box opens and displays the Cisco vManage instances.

  3. For each Cisco vManage instance, perform the following steps:

    1. Click and choose SSH Terminal.

    2. Log in using your Cisco vManage credentials.

    3. Use the nslookup command to verify connectivity to each of the following domains over VPN 0. Cisco vManage requires connectivity to each of the domains.

      • apx.cisco.com

      • swapi.cisco.com

      If the output shows external IP addresses, it confirms that Cisco vManage has connectivity to the domain. If the output indicates that the command cannot resolve the domain, it indicates that Cisco vManage does not have connectivity to the domain.

      The following is an example indicating connectivity to each domain:

      Device#nslookup vpn 0 apx.cisco.com
nslookup in VPN 0:
Server:    10.1.0.1
Address 1: 10.1.0.1 dns.google

Name:      apx.cisco.com
Address 1: 10.1.0.2 apmx-prod1-vip.cisco.com

Device#nslookup vpn 0 swapi.cisco.com
nslookup in VPN 0:
Server:    10.1.0.1
Address 1: 10.1.0.1 dns.google

Name:      swapi.cisco.com
Address 1: 10.2.0.1 swapi.cisco.com
Address 2: 1234:5678:90ab::1 swapi.cisco.com

Enter Smart Account Credentials in Cisco vManage

Before You Begin

Ensure that you have configured DNS host and next-hop IP route entries for the Cisco SSM servers under VPN 0 on Cisco vManage. Without this configuration, Cisco vManage cannot communicate with Cisco SSM.

Enter Smart Account Credentials

  1. From the Cisco vManage menu, choose Administration > License Management.

  2. Click Sync Licenses & Refresh Devices.

    The Reporting Mode area shows the reporting mode configured on the Administration > Settings page (requires administrator permissions).

  3. Click Smart Account Credentials.

  4. In the Smart Account Credentials dialog box, configure the following:

    Field

    Description

    Username

    Username of the account you use to access the Smart Accounts and Virtual Accounts for which you have administrative privileges.

    Password

    Password for the account you use to access Smart Accounts and Virtual Accounts.

  5. Click Save.

    Cisco vManage authenticates the Smart Account credentials, and on successful authentication, saves the credentials in the database.

Synchronize Licenses

Before You Begin

  • You use this procedure to specify Smart Account and Virtual Account information, or synchronize licenses on-demand, which is useful if you have recently added licenses to your Smart Account and want to bring those licenses into Cisco vManage.

  • Ensure licenses belong to the correct Smart Accounts or Virtual Accounts on Cisco SSM.

    When the selected Smart Accounts and Virtual Accounts are registered with Cisco vManage, Cisco vManage fetches and synchronizes the license information with Cisco SSM, and reports usage of the licenses in these accounts.

Synchronize Licenses

  1. From the Cisco vManage menu, choose Administration > License Management.

  2. Click Sync Licenses & Refresh Devices.

  3. In the Sync Licenses & Refresh Devices dialog box, configure the following:


    Note

    If these details are already configured, you can skip this step and proceed to the next step to synchronize licenses again. This is useful if you have recently added licenses to your Smart Account and want to bring those licenses into Cisco vManage.

    Item

    Description
    Select Smart/Virtual Accounts to Fetch/Sync Licenses

    Select the Smart Accounts or Virtual Accounts for which Cisco vManage must fetch licenses from the Cisco SSM. Cisco vManage also reports license usage for the licenses in these accounts.

    Note

     

    Selecting an Smart Account automatically selects all the Virtual Accounts under the Smart Account.

    To stop Cisco vManage from fetching and synchronizing license information with Cisco SSM for an Smart Account or Virtual Account registered earlier, deselect the Smart Account or Virtual Account. You can deregister the Smart Account or Virtual Account only if you have not assigned any licenses from the account.

    Advanced > Type of Licenses

    Choose the type of licenses that must be fetched by Cisco vManage from among the license types that may belong to the selected Smart Accounts and Virtual Accounts.

    Select one of the following:

    • Prepaid

    • Postpaid

    • Mixed (both Prepaid and Postpaid)

    From Cisco vManage Release 20.8.1, if you choose to synchronize postpaid licenses, the license assignment procedure enables you to select committed MSLA licenses (MSLA-C) or uncommitted MSLA licenses (MSLA-U). See Assign a License to a Device.
    Advanced > Multiple Entitlement

    Select one of the following:

    • On: You can assign more than one license to a device.

    • Off: You can assign only one license to a device.

    Note

     

    Set this setting to On only if you need to map more than one DNA entitlement to a single device.

  4. Click Sync.

Assign a License to a Device

  1. From the Cisco vManage menu, choose Administration > License Management.

  2. Click Device.

  3. Select the devices to which to assign a license using the check box for each device.

  4. Click Assign License/Subscription.

    The Assign License/Subscription dialog box appears.

  5. In the Assign License/Subscription dialog box, configure the following:

    • In Cisco vManage Release 20.8.1 and later, the following options appear:

      Template Name

      To use a new template, enter a unique name for the template.

      To use an existing template, do the following:

      1. Turn on the Use existing template toggle.

      2. Choose an existing template.

      Virtual Account

      		 Choose the virtual account from which you wish to assign a license to the device.

      MSLA Type

      Choose one of the following:

      • MSLA-C: MSLA licenses using the committed billing model

      • MSLA-U: MSLA licenses using the uncommitted billing model

      Subscription ID

      Choose the subscription ID to track the license consumption.

      This option appears only if both of the following are true:

      • The license mode is postpaid.

      • You have chosen an option in the MSLA Type field.

      License

      Choose license to apply to the device. If you have enabled Multiple Entitlements in the Sync Licenses & Refresh Devices dialog box, you can assign up to three licenses to the device.

      Note

       

      • Select a license that belongs to the Virtual Account you have selected. On Cisco SSM, you can check the licenses that are available in a Virtual Account.

      • Check the device license applicability matrix in the Cisco DNA Software for SD-WAN and Routing Ordering Guide to ensure that you assign a license that is applicable to the device. Different device models support different throughputs.

        If you apply an incompatible license, the license may have no effect on device behavior. However, Cisco vManage will record the consumption of the license.

      • When assigning licenses, Cisco vManage shows the throughput entitlement levels as tiers. Select the tier that matches the license you have purchased. If you purchased a license with a throughput expressed as a throughput value, find the tier that corresponds to the throughput that the license provides.

        For example, for a Routing DNA Advantage license, Tier 2 provides up to 1 Gbps throughput. If your DNA Advantage license provides 1 Gbps, choose Tier 2.

        • Tier 0: 10M-15M (up to 30M aggregate)
        • Tier 1: 25M-100M (up to 200M aggregate)
        • Tier 2: 250M-1G (up to 2G aggregate)
        • Tier 3: 2.5G-10G (up to 20G aggregate)

      The list includes the predefined licenses that Cisco vManage provides, together with the licenses in the virtual account that you have chosen, that meet the MSLA type and subscription ID criteria.

    • In Cisco vManage Release 20.7.x and earlier, the following options appear:

      Are you using utility-based licensing (MSLA)?

      Check this check box if you wish to apply an MSLA license. By default, the check box is unchecked.

      Template Name

      To use a new template, enter a unique name for the template.

      To use an existing template, do the following:

      1. Turn on the Use existing template toggle.

      2. Choose an existing template.
      Virtual Account Choose the virtual account from which you wish to assign a license to the device.
      License

      Choose license to apply to the device. If you have enabled Multiple Entitlements in the Sync Licenses & Refresh Devices dialog box, you can assign up to three licenses to the device.

      Note

       

      • Select a license that belongs to the Virtual Account you have selected. On Cisco SSM, you can check the licenses that are available in a Virtual Account.

      • Check the device license applicability matrix in the Cisco DNA Software for SD-WAN and Routing Ordering Guide to ensure that you assign a license that is applicable to the device. Different device models support different throughputs.

        If you apply an incompatible license, the license may have no effect on device behavior. However, Cisco vManage will record the consumption of the license.

      • When assigning licenses, Cisco vManage shows the throughput entitlement levels as tiers. Select the tier that matches the license you have purchased. If you purchased a license with a throughput expressed as a throughput value, find the tier that corresponds to the throughput that the license provides.

        For example, for a Routing DNA Advantage license, Tier 2 provides up to 1 Gbps throughput. If your DNA Advantage license provides 1 Gbps, choose Tier 2.

        • Tier 0: 10M-15M (up to 30M aggregate)
        • Tier 1: 25M-100M (up to 200M aggregate)
        • Tier 2: 250M-1G (up to 2G aggregate)
        • Tier 3: 2.5G-10G (up to 20G aggregate)
      Subscription ID

      Choose the subscription ID to be used to track the license consumption. The subscription ID field is displayed only for the following conditions:

      • if mode is postpaid.

      • if mode is mixed and MSLA is true and if there are any subscriptions available.

  6. Click Save.

The license is assigned and you are returned to License Management > Device tab. In the table listing the devices, entries are made in the following columns in accordance with the license assignment:

  • Template Name: name of the template used to assign the license

  • Virtual Account: name of Virtual Account to which license belongs

  • MSLA:

    • True for an MSLA license

    • False for an a la carte or EA license

  • License Status: subscribed

  • License Type: prepaid, postpaid, or mixed based on the types of licenses assigned to the device.

  • Subscription ID: The subscription ID used for billing purposes in case of a postpaid license. For a prepaid license, this column has a blank entry.

License Management Offline Mode

Configure Offline Mode

Enable Offline Mode
Before You Begin

Note

Changing the mode from online to offline, or from offline to online causes Cisco vManage to permanently clear any license information that it is currently storing.

Enable Offline Mode, Cisco vManage Release 20.9.1 and Later

  1. From the Cisco vManage menu, choose Administration > Settings.

  2. In the License Reporting area, click the Offline option.

Enable Offline Mode, Before Cisco vManage Release 20.9.1

  1. From the Cisco vManage menu, choose Administration > License Management.

  2. Click Overview.

  3. Click Sync Licenses & Refresh Devices.

  4. Click the Offline option.

  5. (Optional) Click Advanced and select license types or configure multiple entitlement. For information about these options, see Fetch and Synchronize Licenses.

  6. Click Sync.


    Note

    If you are configuring offline mode for the first time, we recommend uploading a license summary file. See Generate a Cisco SSM License Summary File and Upload It into Cisco vManage.

Generate a Cisco SSM License Summary File and Upload It into Cisco vManage

Generating a license summary file in Cisco SSM and uploading the file to Cisco vManage brings all of the license information from your Cisco smart account into Cisco vManage.


  1. Note

    Generating a license summary file in the Cisco SSM portal is outside the scope of Cisco SD-WAN documentation and is subject to change.

    In Cisco Software Central, navigate to Manage Licenses, then navigate to Reports.

  2. Locate the option for downloading a synchronization file for device controllers. Specify Cisco vManage as the controller type, and include all virtual accounts.

  3. Download the license summary file, which is in tar.gz format.

  4. From the Cisco vManage menu, choose Administration > License Management.

  5. Click Overview.

  6. Click Sync Licenses & Refresh Devices.

  7. Click the Offline option.

  8. In the Attach License File area, click the option to upload a file. Browse to the license summary file and upload it.

  9. Click Sync.

Generate a Usage Report File in Cisco vManage and Synchronize with Cisco SSM

When managing licenses with Cisco vManage in the offline mode, use manually generated files to enable Cisco vManage to provide information about license assignment to Cisco SSM.

To generate a usage report file in Cisco vManage, upload it to Cisco SSM, receive an acknowledgement file from Cisco SSM, and upload the acknowledgement file to Cisco vManage, perform the following steps.

  1. From the Cisco vManage menu, choose Administration > License Management.

  2. Click Reporting.

  3. In the table, in the row with the Cisco Smart Account, click and choose Generate Report to generate the usage report file.

    When you generate a report, the Cisco vSmart Controller starts a 48-hour timer. If you do not upload an acknowledgement file from Cisco SSM within that time, an alert appears in the License Management Overview dashboard.

  4. In Cisco SSM, upload the usage report file.


    Note

    The details of procedures in the Cisco SSM portal are outside the scope of this documentation and subject to change.

    1. In Cisco Software Central, navigate to Manage Licenses.

    2. Navigate to Reports.

    3. Navigate to Upload Usage Data > Select and Upload File or the equivalent, and upload the report file generated by Cisco vManage.

    4. If prompted to select a virtual account, select the desired virtual account.


      Note

      In a scenario where you have not yet generated a license summary in Cisco SSM and uploaded it to Cisco vManage, Cisco SSM prompts you to select a virtual account. After you have generated a license summary in Cisco SSM and uploaded it to Cisco vManage, Cisco vManage has the virtual account information that it needs to associate licenses with the correct virtual account.

      For information about the scenario of assigning licenses to devices before providing Smart Account details to Cisco vManage, see Information About Offline Mode

      .

      Cisco SSM generates an acknowledgement file.

    5. When Cisco SSM finishes generating an acknowledgement file, click Download or the equivalent to download the file.

  5. From the Cisco vManage menu, choose Administration > License Management.

  6. Click Reporting.

  7. In the table, in the row with the Cisco Smart Account, click and choose Upload Ack to upload the acknowledgement file from Cisco SSM.

Monitor License Usage

License Management Overview

From the Cisco vManage menu, choose Administration > License Management to display the License Management Overview.

The License Management Overview page shows license information, including what percentage of devices have licenses assigned, the top types of licenses assigned to devices, license usage, license alarms, and so on.

License alarms alert you to licensing issues affecting devices in the Cisco SD-WAN network. You can click the alarm icon to display details of the problem. Issues include the following:

  • A device is not licensed.

  • The interval for reporting license usage to Cisco SSM has been exceeded.

    • Prepaid licenses: A report is required every three months.

    • Postpaid licenses: A report is required each month.

License Management Overview

After you have assigned at least one license, the Overview tab in the Administration > License Management page provides the following information:

Device Assignment Distribution

  • Percentage of licensed devices

  • Percentage of unlicensed devices
Top 5 licenses

Lists the top 5 licenses in use and shows the usage percentage for each license.

License Usage vs Availability

The dashlet features a bar chart with stacked columns.

The chart uses two stacked columns for each of the three license packages Advantage, Essentials, and Premier.

For each package, the column on the left represents the count of used licenses; the column on the right represents the count of available licenses.

The stacked segments in each column represent a particular license tier (such as Tier 0 or Tier 1). The segment for each tier is of a different color, as identified in the legend.

License and Devices Overview

This section provides the following details for each license assigned:

  • Name (for example, Routing DNA Essentials: Tier 0)

  • Number of Licensed Devices: Number of devices to which this license is assigned.

  • Number of Total Licenses: Sum of the number of licenses assigned and number of licenses available.

  • Last Assigned On: Date and time when the license was most recently assigned.

Troubleshooting for Managing Licenses for Smart License Using Policy

The following troubleshooting sections provide information for about troubleshooting issues affecting management of Smart License Using Policy using Cisco vManage.

Troubleshooting-General

The following is general troubleshooting information for managing licenses using Cisco vManage.

Failed to authenticate Smart Account credentials

Problem

When you enter Smart Account credentials, Cisco vManage displays an error saying, “Failed to authenticate Smart Account credentials.”

Possible Causes

Incorrect Smart Account credentials

Solutions

Verify that you have entered the Smart Account credentials correctly on the Administration > License Management page, using the Sync Licenses & Refresh Devices button.

Troubleshooting for Cisco SSM On-Prem

Minimum release: Cisco vManage Release 20.9.1

The following troubleshooting information applies when using a Cisco SSM on-prem license server.

Cisco Smart Account Server Is Unreachable

Problem

When you enter Smart Account credentials on the Administration > License Management page, using the Sync Licenses & Refresh Devices button, Cisco vManage displays an error saying that the Cisco Smart Account server is unreachable.

Possible Causes

  • Problem with connectivity between Cisco vManage and the Cisco SSM on-prem license server

  • Problem with Cisco SSM on-prem license server operation

  • Incorrect credentials for the Cisco SSM on-prem license server

  • Incorrect credentials for the Smart Account

Solutions

  1. Verify that Cisco vManage has connectivity to the Cisco SSM on-prem server.

  2. Verify that the Cisco SSM on-prem license server is operational.

  3. If you have administration permissions, verify that you have entered the correct credentials for the Cisco SSM on-prem license server on the Administration > Settings page, in the License Reporting section.

  4. Verify that you have entered the Smart Account credentials correctly on the Administration > License Management page, using the Sync Licenses & Refresh Devices button.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco